Scheduling Malware Signature Updates in Relation to Threat Awareness and Environmental Safety

1. A computer-implemented method of retrieving a set of malware signatures comprising: receiving, at a client, client safety scores from a set of peer clients associated with the client, a client safety score for a peer client having a value indicating a mode of operation associated with the peer client, the value normalized as a ratio of a number of malware threat detections on the peer client to a number of software applications found on the peer client; calculating, by the client, an environmental safety score associated with the client based, at least in part, on the client safety scores received from the set of peer clients, wherein the environmental safety score indicates a likelihood that the client is exposed to malware threats; identifying a plurality of different time intervals respectively associated with a plurality of different environmental safety scores; selecting a time interval of the plurality of different time intervals associated with the calculated environmental safety score; retrieving a set of malware signatures from a server at a time determined responsive to the environmental safety score and the selected time interval; and storing the set of malware signatures.

2. The computer-implemented method of claim 1 , wherein calculating the environmental safety score associated with the client based, at least in part, on the client safety scores received from the peer clients comprises: determining a client safety score associated with the client, wherein the client safety score indicates a likelihood of client exposure to malware threats; and calculating the environmental safety score associated with the client based, at least in part, on the client safety score associated with the client and the client safety scores received from the set of peer clients.

3. The computer-implemented method of claim 2 , wherein calculating the environment safety score associated with the client based, at least in part, on the client safety score associated with the client and the client safety scores received from the set of peer clients comprises: selecting one of the client safety score associated with the client and a client safety score received from a peer client indicating a highest likelihood of exposure to malware threats as the environmental safety score.

4. The computer-implemented method of claim 1 , wherein a length of the selected time interval associated with the calculated environmental safety score associated with the client is inversely proportional to the likelihood that the client is exposed to malware threats indicated by the environmental safety score.

5. The computer-implemented method of claim 1 , further comprising: identifying a malware threat detection event at the client based on the retrieved set of malware signatures; determining a client safety score associated with the malware threat detection event; and providing the client safety score associated with the malware threat detection event to the peer client.

6. The computer-implemented method of claim 1 , wherein the value of the client safety score is further based on a number of software applications stored at the peer client having unknown reputations.

7. The computer-implemented method of claim 1 , wherein the value of the client safety score is further based on security settings of a browser stored at the peer client.

8. The computer-implemented method of claim 1 , wherein the value of the client safety score is selected from a continuous range of scores.

9. A non-transitory computer-readable storage medium encoded with executable computer program code for retrieving a set of malware signatures, the program code comprising program code for: receiving, at a client, client safety scores from a set of peer clients associated with the client, a client safety score for a peer client having a value indicating a mode of operation associated with the peer client, the value normalized as a ratio of a number of malware threat detections on the peer client to a number of software applications found on the peer client; calculating, by the client, an environmental safety score associated with the client based, at least in part, on the client safety scores received from the set of peer clients, wherein the environmental safety score indicates a likelihood that the client is exposed to malware threats; identifying a plurality of different time intervals respectively associated with a plurality of different environmental safety scores; selecting a time interval of the plurality of different time intervals associated with the calculated environmental safety score associated with the client; retrieving a set of malware signatures from a server at a time determined responsive to the environmental safety score and the selected time interval; and storing the set of malware signatures.

10. The non-transitory computer-readable storage medium of claim 9 , wherein program code for calculating the environmental safety score associated with the client based, at least in part, on the client safety scores received from the peer clients comprises program code for: determining a client safety score associated with the client, wherein the client safety score indicates a likelihood of client exposure to malware threats; and calculating the environmental safety score associated with the client based, at least in part, on the client safety score associated with the client and the client safety scores received from the set of peer clients.

11. The non-transitory computer-readable storage medium of claim 10 , wherein program code for calculating the environment safety score associated with the client based, at least in part, on the client safety score associated with the client and the client safety scores received from the set of peer clients comprises: selecting one of the client safety score associated with the client and a client safety score received from a peer client indicating a highest likelihood of exposure to malware threats as the environmental safety score.

12. The non-transitory computer-readable storage medium of claim 9 , wherein a length of the selected time interval associated with the calculated environmental safety score associated with the client is inversely proportional to the likelihood that the client is exposed to malware threats indicated by the environmental safety score.

13. The non-transitory computer-readable storage medium of claim 9 , further comprising program code for: identifying a malware threat detection event at the client based on the retrieved set of malware signatures; determining a client safety score associated with the malware threat detection event; and providing the client safety score associated with the malware threat detection event to the peer client.

14. A computer system for retrieving a set of malware signatures, the system comprising: a processor for executing computer program code; and a computer-readable storage medium encoded with executable computer program code comprising: a peer reporting module adapted to receive, at a client, client safety scores from a set of peer clients associated with the client, a client safety score for a peer client having a value indicating a mode of operation associated with the peer client, the value normalized as a ratio of a number of malware threat detections on the peer client to a number of software applications found on the peer client; an environmental score module adapted to calculate, by the client, an environmental safety score associated with the client based, at least in part, on the client safety scores received from the set of peer clients, wherein the environmental safety score indicates a likelihood that the client is exposed to malware threats; a signature update module adapted to: identify a plurality of different time intervals respectively associated with a plurality of different environmental safety scores; select a time interval of the plurality of different time intervals associated with the calculated environmental safety score associated with the client; retrieve a set of malware signatures from a server at a time determined responsive to the environmental safety score and the selected time interval; and store the set of malware signatures.

15. The computer system of claim 14 , further comprising a client safety score module adapted to determine a client safety score associated with the client, wherein the client safety score indicates a likelihood of client exposure to malware threats, wherein: the environmental score module is further adapted to calculate the environmental safety score associated with the client based, at least in part, on the client safety score associated with the client and the client safety scores received from the set of peer clients.

16. The computer system of claim 14 , wherein the selected time interval associated with the calculated environmental safety score associated with the client is inversely proportional to the likelihood that the client is exposed to malware threats indicated by the environmental safety score.